No subject

Tue Dec 2 02:23:37 GMT 2003

Permissions - Bits capable of being set or reset to allow certain types of 
access to it. Permissions for directories may have a different meaning 
than the same set of permissions on files. 
To be able to view contents of a file 
To be able to read a directory 
To be able to add to or change a file 
To be able to delete or move files in a directory 
To be able to run a binary program or shell script 
To be able to search in a directory, combined with read permission 

I would recommend that those of you that's unsure about UNIX security read 
this HOWTO, as it explains the complexity of security on UNIX 
(not that other OS's are less complex, you just don't get to see all of 


Tobias Manthey <tmanthey at> 
Sent by: samba-ntdom-admin at 
09/23/2000 05:58 PM 
        To:        samba-ntdom at 
        Subject:        Samba TNG-2.6: File permission problem

Hi all,
please anyone correct me when I state there is no other way to integrate
W2K Clients into a Samba Domain, than to use Samba-TNG?
If so can help me anyone with the following problem.
The follwing directory is shared among the clients

drwxrwxrwx   8 tobias   manager      4096 Sep 24 00:30 public

path = /usr/local/samba/shares/public
public = no
comment = Public Share
create mask = 775
directory mask = 775
writable = yes
force create mode = 774

My goal is to create directories to which an ordinary user can add files
but cannot overwrite the existing ones.

So my apporach was the following:
create a file below public:
-rw-r--r--   1 tobias   manager         0 Sep 24 00:44 test.txt

(note that a ordinary user does no belong to the group manager)
But I was kinda suprised that every user can delete this file. Even if it
belonds to root:root with 700 permissions. Is this a wanted behavior?

Sent through GMX FreeMail -

--=_alternative 002A9CDC87256964_=
Content-Type: text/html; charset="us-ascii"

<br><font size=2 face="sans-serif">Forgot to add:</font>
<br><font size=2 face="sans-serif">chmod o+t directoryname &lt;dirname&gt; should do the trick</font>
<br><font size=2 face="sans-serif">(pay attention to your /tmp, as this should have this set as well... )</font>
<br><font size=3 face="Courier New">PS: I't in the HOWTO as well.</font>
<br><font size=3 face="Courier New">--Anders</font>
<table width=100%>
<tr valign=top>
<td><font size=1 face="sans-serif"><b>anders at</b></font>
<br><font size=1 face="sans-serif">Sent by: samba-ntdom-admin at</font>
<p><font size=1 face="sans-serif">09/24/2000 01:39 AM</font>
<td><font size=1 face="Arial">&nbsp; &nbsp; &nbsp; &nbsp; </font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; To: &nbsp; &nbsp; &nbsp; &nbsp;Tobias Manthey &lt;tmanthey at;</font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; cc: &nbsp; &nbsp; &nbsp; &nbsp;samba-ntdom at</font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Subject: &nbsp; &nbsp; &nbsp; &nbsp;Re: Samba TNG-2.6: File permission problem</font></table>
<br><font size=2 face="sans-serif"><br>
This is not a samba-issue, it's defined behavior under *NIX:</font><font size=3 face="Times New Roman"> <br>
</font><font size=2 face="sans-serif"><br>
Delete access under UNIX requires w(rite) access to the directory which the file is placed in, i.e. your WORLD-writeable directory is <br>
the reason for this.</font><font size=3 face="Times New Roman"> <br>
</font><font size=2 face="sans-serif"><br>

More information about the samba-ntdom mailing list